Hi,

On Fri, May 30, 2014 18:25, Hannes Magnusson wrote:
> Hi
>
> What is the status on the Windows build infrastructure?
> Anything I can work on to get "snapshot" functionality implemented?
>
> I believe the infrastructure itself is all in place, it just needs
> taping some pieces together and deciding on a security policy (e.g., upload an
> archive.tar.gz? build from a git/svn branch? how to verify it's real?).
> Maybe we could even trigger these builds from pull requests on github
> in the long term? :)
>
> -Hannes
>
> --
> PECL development discussion Mailing List (http://pecl.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
It's still on the todo list, too many other tasks around. There are several
approaches which, imho, make sense.

- snapshot from a VCS by cronjob on the buildhost
- snapshot triggered from PECL

The security rules we should adhere to are:

- no direct upload to the build host
- no interfaces for any pings between pecl and the build host
- authenticated pecl users are considered safe

In a bit more detail, concerning the security, there is the following:

1. Snapshot from VCS

- integrate at least with github, svn.php.net, git.php.net, maybe bitbucket?
- on the build host a cron is running and building from the latest
revision, say hourly or such. The revision is recorded, so no new rev, no
new build.
- need to know the source path, branch, etc. So some intrusion into PECL is
needed to store and export that.

2. Snapshot triggered from PECL

2.1 Snapshot triggered on PECL without upload directly from a VCS

- it could look like a button in the user account like "build a snap now"
on PECL. Plus it needs to store the VCS location, branch, etc.
- when clicked, an item would be added to an RSS feed similar to what
exists now with releases
- a cronjob on the buildhost would read that RSS and handle it


2.2 Snapshot triggered on pecl from upload

- looks like a form similar to the release form on PECL
- adds items to an RSS feed similar to what exists for releases
- buildhost picks it up and builds
- for security, no pingbacks to pecl should exist to delete the snap src
tarball (so it should be handled by pecl itself in a cronjob or alike)


Each of the options has a certain flexibility. 2.2, I think, is the most
flexible as it can build any arbitrary source. 1. is good for continuous
integration, and can even be improved by 2.1. Also, pulling from a VCS looks
more secure than accepting an uploaded tarball.
Consequently, I'd rather choose 1. or 2.1 as the way to start.

I don't know the PECL infrastructure well actually; maybe someone who knows it
can suggest something better. So please comment and post ideas.

Right now this topic is stalled, at least on my side. I probably won't get
to it before July, at least. But it's good to discuss it to have
a clear roadmap when the time comes.

Regards

Anatol

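The pull-only poller the reply sketches (a cron job on the build host that reads the snapshot feed, refuses anything not from a known VCS host, and skips revisions it already built, with no uploads to or pings between PECL and the build host), as an added example that is not part of the thread or of PECL's own code. The feed layout, the `branch=`/`rev=` fields and the allowed-host list are assumptions.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed; the item layout is an assumption, not PECL's schema.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>foo</title><link>https://git.php.net/pecl/foo.git</link>
<description>branch=master rev=a1b2c3</description></item>
<item><title>bar</title><link>https://github.com/example/bar.git</link>
<description>branch=dev rev=9f8e7d</description></item>
<item><title>baz</title><link>ftp://untrusted.example/baz.tgz</link>
<description>branch=master rev=0000</description></item>
</channel></rss>"""

# VCS hosts the build host is willing to pull from (assumed allowlist).
ALLOWED_HOSTS = {"git.php.net", "svn.php.net", "github.com"}


def parse_feed(xml_text):
    """Turn each feed item into a (project, vcs_url, branch, rev) tuple."""
    jobs = []
    for item in ET.fromstring(xml_text).iter("item"):
        fields = dict(kv.split("=", 1) for kv in item.findtext("description").split())
        jobs.append((item.findtext("title"), item.findtext("link"),
                     fields["branch"], fields["rev"]))
    return jobs


def select_builds(jobs, last_built):
    """Keep jobs from allowed hosts whose rev differs from the recorded last build."""
    # last_built maps project -> revision of the last successful build.
    todo = []
    for project, url, branch, rev in jobs:
        u = urlparse(url)
        if u.scheme != "https" or u.hostname not in ALLOWED_HOSTS:
            continue  # never build from an arbitrary location
        if last_built.get(project) == rev:
            continue  # no new rev, no new build
        todo.append((project, url, branch, rev))
    return todo


def run_once(feed_text, state_json):
    """One cron tick: pick the builds to run and return the updated state."""
    state = json.loads(state_json)  # state persisted between runs as JSON
    todo = select_builds(parse_feed(feed_text), state)
    for project, url, branch, rev in todo:
        state[project] = rev  # a real host would clone url at branch/rev and build here
    return todo, json.dumps(state, sort_keys=True)
```

Running `run_once` twice with the same feed yields no second build, which is the "revision is recorded" property from the thread.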